1a44b78d8bb505a1e28360971bb1adbdbe5d11484f59049210ef6b8734280359 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 08:14

Sharing

Report Analysis Logs

General

Target

PI3999028 for payment.scr
Size

2.5MB
MD5

f25dd2ec24d9430af72387e80ce988dd
SHA1

be6c0a33bbcf1834274d9376b529726e337a7926
SHA256

1a44b78d8bb505a1e28360971bb1adbdbe5d11484f59049210ef6b8734280359
SHA512

a07061ae78956a43ecd9f1fca7261b61f620786ada93da067cf61d1a592d124799499478d21e82ddb60aa8a53ad9d2e6542e272dd8fc73314ff30913e15042dc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1336 1928 WerFault.exe PI3999028 for payment.scr

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

PI3999028 for payment.scr

description	pid	process	target process
PID 1928 wrote to memory of 1336	1928	PI3999028 for payment.scr	WerFault.exe
PID 1928 wrote to memory of 1336	1928	PI3999028 for payment.scr	WerFault.exe
PID 1928 wrote to memory of 1336	1928	PI3999028 for payment.scr	WerFault.exe
PID 1928 wrote to memory of 1336	1928	PI3999028 for payment.scr	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\PI3999028 for payment.scr
"C:\Users\Admin\AppData\Local\Temp\PI3999028 for payment.scr" /S
1⤵
- Suspicious use of WriteProcessMemory
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 556
2⤵
- Program crash
PID:1336

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-55-0x0000000000000000-mapping.dmp

Download
memory/1928-54-0x00000000010B0000-0x000000000133C000-memory.dmp

Filesize
2.5MB

Download